Digital Forensics Ch 4 Review Questions

Ace your homework & exams now with Quizwiz!

In the United States, if a company publishes a policy stating that it reserves the right to inspect computing assets at will, a private-sector investigator can conduct covert surveillance on an employee with little cause. True or False?

True

List two hashing algorithms commonly used for forensic purposes.

MD5, SHA-1

Computer peripherals or attachments can contain DNA evidence. True or False?

True

If a company doesn't distribute a computing use policy stating an employer's right to inspect employees' computer freely, including e-mail and Web use, employees have an expectation of privacy. True or False?

True

Small companies rarely need investigators. True or False?

False

The plain view doctrine in computer searches is well-established law. True or False?

False

You should always answer questions from onlookers at a crime scene. True or False?

False

Which of the following techniques might be used in covert surveillance?

all of the above: keylogging, data sniffing, network logs

Describe what should be videotaped or sketched at a digital crime scene.

anything at a digital crime scene that might be of interest to the investigation

When you arrive at the scene, why should you extract only those items you need to acquire evidence?

to minimize how much you have to keep track of at the scene

In forensic hashes, when does a collision occur?

when two different files have the same hash value

If you discover a criminal act while investigating a company policy abuse, the case becomes a criminal investigation and should be referred to law enforcement. True or False?

True

As a private-sector investigator, you can become an agent of law enforcement when which of the following happens?

When you begin to take orders from a police detective without a warrant or subpoena

If a suspect's computer is found in an area that might have toxic chemicals, you must do which of the following?

coordinate with the HAZMAT team

You have been called to the scene of a fatal car crash where a laptop computer is still running. What type of field kit should you take with you?

initial-response kit

What are the three rules for a forensic hash?

it can't be predicted, no two files can share the same hash value, if the file changes the hash value changes

Private-sector investigations are typically easier than law enforcement investigations for which of the following reasons?

no warrant required, most companies keep inventory databases of all hardware and software used

Commingling evidence means what in a private-sector setting?

sensitive or confidential information is mixed with data collected as evidence


Related study sets

Why the Jews? Confronting Antisemitism - Quiz 4

View Set

Chapter 18: Protein Structure and Function

View Set

Bedeutung und Definition von Marketing

View Set

ATI RN Nursing Care of Children Practice B (NGN QUESTIONS ONLY)

View Set

NRS326- Fluid + Electrolyte Socrative

View Set

Research Exam III Practice Problems

View Set